Synology RackStation RS3614xs+

Some time back, we received two Synology RS3614xs+ units so that we could address our rather painful lack of on campus storage (my Thruk monitoring system has a lot of machines that complain about lack of disk space cluttering up the place; most typically are over 90% full, which is not ideal). Off campus storage, thanks to Google Apps for Education, is not exactly a problem any more.

Synology RS3614xs+

We chose these after carefully surveying the low-mid range NAS/SAN market. They had a number of features which appealed, including dynamic flash/SSD caching, AD integration, integration with Google Drive, and 10 gigabit network interfaces; they also feature redundant power supplies and the possibility of adding more storage through expansion chassis. I'm particularly excited about having them set up as a redundant pair. The price/performance seemed about the best we were going to get. And it never hurts when a fellow sysadmin has had similar units in production for a while, and rather likes them.

One thing I'm particularly excited to see is faster student logins, one shared profiles end up cached on SSDs and spewed into the LAN at multi-gigabit speeds.

So, it's probably about time we configured these and put them into production...

OMG. I can't Teach, the Internet is down...!

Earlier in the week, we had our first major/prolonged outage since I've been here. A contractor (somewhat ironically installing a route for a second fibre to prevent this sort of thing from being an issue) drilled through the only fibre cable serving one of our biggest teaching blocks; 12 classrooms and a (deprecated) computer lab - and taking out Afrikaans, Geography, History and about 1/6th of the English department. It also reveals that the school makes "production" use of some very popular unofficial communications channels, particularly WhatsApp.

In a sort of "is this a hidden camera show?" scenario, it unfolded a bit like this:

Despite starting drilling a good 10cm away from the existing fibre, I pointed out that the drill bit was not straight and was pointing upward (i.e toward the existing fibre). This was not considered to be a problem, perhaps because geometry/trig is irrelevant once you leave school.

Next, I pointed out (from the other side of the wall, in between drilling "sessions", through a window) that the cable had started to move/wobble/vibrate a bit. Then a bit later, alarmingly so - so if they weren't pushing on the exposed cable by accident (I can't see through brick - yet), suggesting that they were almost certainly hitting the existing cable with the drill bit.

Drilling continued.

Then I announced that the link light had gone out on the switch.

*facepalm*.

One day, Apple might actually work in Education.

On Wednesday last week, I had some fruitful (pun not originally intended, but greatly amusing with hindsight) discussion with some people who resell Apple goods and services and various MDM solutions in South Africa, and later on, attended a presentation session on "Apple Classroom" and other goodies Apple is dangling like so much ripe fruit - often just out of reach. I also spend a while talking to a teacher and some techies from a school in another town - we share many of the same challenges, and it's often helpful to hear what others are doing. They have particular challenges in scaling management of their 300 iPads.

Also, there was a little time for networking with fellow techies at other schools around here about some of the challenges we face. The IT division at local university, Rhodes, used to organise "techie chats" - they were always rather valuable as getting together most of the Clue in town teaches you a lot, very quickly - and particularly the Rhodes people, by virtue of their membership of various management boards knew what was coming from the Internet (through the NREN, TENET, who is basically our ISP via the Albany Schools Network) some time in advance - and would share that info, when it wasn't embargoed. Perhaps someone ought to carry on that tradition...

Apple Classroom app icon

I was particularly pleased to see that the presenter took pains to note specifically which features were (kind of) available in South Africa, and which were definitely not - quite a change from Apple's own marketing, and it inspires a fair degree of confidence in their ethics and company. I've previously had the same person show me an MDM solution (which we spent time going through and quickly realised wasn't quite going to help us in our complicated free-for-all BYOD scenario) - and they were quite happy to discuss and show me the limitations of that software - all too rare in tech sales in many companies.

Teachers may find Apple's "Getting Started with Classroom" useful - but bear in mind not all features are necessarily available to you.

Here are most of the features of relevance to education in IOS 9.3 that were discussed in the presentation....

Juniper EX4600 switches - first impressions

We recently* took delivery of two Juniper EX4600 switches to ultimately replace our rather decrepit old Nortel Passport 1624G collapsed core/distribution switches. When they don't even bother to consistently relay DHCP messages, it's time to retire them (I had a hack involving a Mikrotik routerboard - the "swiss army knife" of the under-resourced network architect - in place to patch the DHCP issue, but I didn't like it being so). That should give you an idea of what refresh cycles around here are - the Nortels were even second hand when the school acquired them!

Juniper EX4600 with two optional modules installed

This means that we ought to expect such high end L3 switches or core routers to remain in service for 8-10 years, so we need to ensure that when we buy something like the core of the network, it's going to keep pace as much as possible with likely developments over then next decade. "Predicting the future" in tech is hard (and often futile), but networking doesn't often go through sudden massive changes (networking tech inertia is high - see how we're mostly still using IPv4?). That means you're going to want to install units that support your long term vision of the network for a long time, and will likely ensure you'll be able to deploy the technologies you're likely to need (particularly faster backbones; IPv6; adequate resilience as the school network moves from "sometimes, email is useful" to "OMG, I can't teach because the internet is down"). It also means we're probably ultimately going to lose them to old age "bathtub curve" failure, rather than a formal refresh cycle...

Enabling VLAN assignment on Ubiquiti UniFi-IW APs

Whilst I've had a fair number of fairly serious headaches when it comes to the deployment of Ubiquiti's UniFi wireless system since term began, sometimes, progress is made, and features they've long promised start to materialise.

They recently released the official new V5.x line of controller software, and an update to the firmware of the Cloud Key controller, to v0.5.0. After waiting a few days and hearing not much wailing and gnashing of teeth on the UNBT forums, I took the plunge to upgrade this morning, which didn't go smoothly (a tale for another time and place). Generally, the AP firmware is full of holes (800+ posts on a thread is not a good sign), so you sort of have to live at or uncomfortably close to the bleeding edge to keep your "customers" happy with these products. Or, you know, pick another platform (at far higher cost).

Anyway...

One of the things this new v5.x line of controller software does is properly enable VLAN control/assignment of/to the front ethernet ports on the UniFi UAP-IW, which is a neat little gadget that combines a basic enterprise 2.4GHz wireless AP with two wired Ethernet sockets, one of which features passthrough PoE. This makes it ideal for either very high density deployments (like in hotel rooms, and in our context, boarding houses) or in "edge" areas you're trying to serve at relatively low cost, but in a fairly feature-rich way.

Ubiquiti UniFi AP IW. Picture from https://www.ubnt.com/unifi/unifi-ap-wall/

These gadgets will enable you to provide, for example, a boarding school house person with a 2.4GHz wireless connection, a PoE powered VOIP phone and a network connection for a wired ethernet device. About the only downsides are a) they're limited to 100Mb/s, and b) they're deep enough - once you've got an ethernet flylead plugged in the back - not to really fit into standard wall boxes (at least around these parts) and c) no 5GHz radios. If it's mounted into an actual wall, you could probably hollow out a little more masonry at the back and have a great time installing loads of them, or you might add another "sticking out of the wall" box over a sunk into the wall box. And you can probably live without 5GHz in the odd spot, and for a few users, 100Mb/s is enough.

The other downside is that 50% of the devices of this type I've seen totally kill UniFi wireless AP networks (when your sample size is n=2, and one of them is really buggered, that's not a particularly surprising percentage!) - that sort of misbehaviour seems to be quite unusual.

Now, with the latest software, they actually allow you to control the VLAN assignment per port, and not just use whatever untagged VLAN you throw at the input port at the back. In other words, they become actually useful in an enterprise network, and will finally fulfill what I ordered them for (the house person exercise above).

Of course, this isn't well documented (or perhaps, they've done silly things like bury it in a PDF manual, but I can't find it). So, let's WABM it...!